content:en_us:7_ug_imap

IMAP and POP Server

ClearOS provides both POP and IMAP servers (cyrus-imapd) for providing mail delivery to desktop clients.

Installation

If you did not select this module to be included during the installation process, you must first install the module.

You can find this feature in the menu system at the following location:

<navigation>Server|Messaging|IMAP and POP Server</navigation>

Initialization

The base mail domain is used by a number of apps: SMTP Server, IMAP, Mail Filter, etc. Each app saves this information in its own configuration file, but we really only want to see the domain in one place in the user interface. That's where the Mail Settings app comes in.

  • Go to <navigation>System|Account Manager|Account Manager</navigation> to make sure the accounts system (users/groups) is running.
  • Go to <navigation>System|Settings|Mail Settings</navigation> to set the mail domain.
  • Go to <navigation>System|Accounts|Users</navigation> to create a few users. Please make sure the SMTP Server User and IMAP and POP Server User are enabled for the user.
  • Go to <navigation>System|Accounts|Groups</navigation> to create a group or two. You will see a new option when adding/editing a group: Distribution List. If you leave this option enabled, the group becomes a mail distribution list (e.g. sales@example.com will go to all the members of the sales group).
  • Go to <navigation>Server|Messaging|IMAP and POP Server</navigation> and start all the servers (if not running).

Configuration

Server Configuration

Mail Server Protocols

The mail server supports four different protocols:

  • IMAP
  • Secure IMAP
  • POP
  • Secure POP

We strongly suggest using the secure protocols if possible. The IMAP and POP server will use its own self-signed certificate out of the box. We recommend that you obtain a commercial certificate in conjunction with the Certificate Manager or a free Let's Encrypt Certificate to secure the protocol. Instructions on using the Let's Encrypt certificate are in this HowTo.

Outlook will give a certificate warning every time it starts if the IMAP and POP server uses its own self-signed certificate fot IMAPS or POPS. This warning will disappear if Let's Encrypt or commercial certificates are used.

Push E-mail

Some mail clients support the push e-mail feature (also known as the IMAP Idle feature). With this feature enabled on both the server and client, e-mail will appear in your mailbox as soon as it arrives. This feature is most useful on wireless and handheld devices. The following mail clients are known to support push e-mail (IMAP Idle):

Mail Client Configuration

Secure POP - Mozilla Thunderbird

If you are using Mozilla's Thunderbird, click on <navigation>Tools|Account Settings</navigation>, then select “Server Settings” from the navigation bar. Ensure the Use secure connection (SSL) checkbox is enabled.

Secure POP - MS Outlook/Outlook Express

For Outlook and Outlook Express, click on <navigation>Tools|Accounts</navigation>, select the account you wish to configure and click on the Properties button.

Next, click on the “Advanced” tab, and ensure the “This server requires a secure connection (SSL)” checkbox is enabled.

Secure POP - Other Mail Clients

For other mail clients, similar set-up/configuration will exist. Please refer to documentation for your mail client for specific instructions.

Clients such as Outlook and Thunderbird will first guess you username to be your full e-mail address in their wizards. You will need to change this to remove the domain part from the e-mail address.
If you forget the above tip, and you are using the Attack Detector app, you may find that you cause enough password failures to trigger a ban. Please consult the Attack Detector App documentation to unban the device IP. You may also want to consider whitelisting your LAN.

Security

If you open any incoming POP or IMAP port to the internet, then you are more exposed to user/password hacking so strong passwords are highly recommended. By way of mitigation, it is recommended to install the Attack Detector app and enable it for cyrus-imap. The IPS Updates enabled for IMAP and/or POP are also recommended.

To reduce your exposure to the internet it is recommended that you keep to the Secure protocols and, preferably, only one of them.

Troubleshooting

Do not forget to open up firewall ports for e-mail. You only need to open the POP or IMAP ports if you plan on picking up your mail from outside your local network. The default ports are listed below:
  • POP - 110
  • Secure POP - 995
  • IMAP - 143
  • Secure IMAP - 993

Only open the ones you require.

content/en_us/7_ug_imap.txt · Last modified: 2020/05/07 13:12 (external edit)